Apple's IPv6 misstep is a sign of the times

Apple’s controversial decision not to support IPv6 on version 6.0 of AirPort Utility is the latest example of a broader problem plaguing the next-gen Internet Protocol: Many network vendors’ products do not offer the same level of features and performance for IPv6 as they do for IPv4, the original Internet Protocol.

In Apple’s case, the company doesn’t support IPv6 in its AirPort Utility 6.0 released in January. Instead, Apple requires users to run Version 5.6 of the AirPort Utility if they want to use IPv6 (and has not responded to our query about supporting IPv6 in AirPort Utility 6.0). This is especially a problem for users of Mac OS X Lion.

Apple is not alone in its spotty support for IPv6. Presenters at the North American IPv6 Summit in Denver last week said the lack of IPv6 feature parity for network hardware, software and services is one of the biggest challenges they face as they deploy the new standard.

“Some service providers and product vendors have limited IPv6 support today,” said Ron Broersma, chief engineer for the U.S. military’s Defense Research and Engineering Network, which has deployed IPv6 on its DNS, email and Web services. “It can take 12 to 18 months to get products fixed.”

IPv6 is an upgrade to the Internet’s main communications protocol, which is called IPv4.

IPv6 features an expanded addressing scheme that can support billions of devices connected directly to the Internet. But IPv6 is not backward compatible with IPv4, which is running out of addresses. Network operators can either support both protocols in what’s called dual-stack mode or translate between IPv4 and IPv6. If network operators do nothing, their IPv4-based websites will not be accessible to the growing number of Internet users who receive IPv6 addresses from their carriers.

Broersma listed “the lack of IPv6/IPv4 feature parity” as the top challenge for U.S. government agencies trying to deploy IPv6 in time to meet a Sept. 30, 2012, Obama administration mandate. He also complained about network vendors not using their own IPv6-based products internally, a practice known in the tech industry as “eating your own dog food.”

Broersma cited Cisco, Brocade, and Juniper as three network vendors that have improved the range of features and level of performance of their IPv6-based products since June 2011, when World IPv6 Day was held. World IPv6 Day was a 24-hour trial of IPv6 sponsored by the Internet Society that attracted thousands of website operators.

“Cisco has made major improvements in the last year, and we are very happy to see that,” Broersma said. “Brocade is close behind, and Juniper is making progress. This is especially for IPv6-only network management.”

Comcast has run into the problem of lagging IPv6 support by its suppliers as it deploys the new standard across its nationwide backbone. For example, only one of its key cable modem termination system (CMTS) vendors, Arris, supports IPv6 well enough to be included in its ongoing deployment of IPv6. Similarly, Comcast has approved only six home gateways from D-Link, Linksys and Netgear for its initial rollout of an IPv6 home networking service.

“Our network is multi-vendor CMTS. We’re still working hard to make sure the rest of our access network is in a place where we can put IPv6 in your house and make it work seamlessly,” said John Brzozowski, distinguished engineer and chief architect for IPv6 at Comcast.

Brzozowski says home gateway support for IPv6 is “generally improving,” but he expressed some concern about Apple’s decision not to support IPv6 by default in its new AirPort Utility Version 6.0.

“Apple has taken the ability to seamlessly support IPv6 away from the AirPort Utility,” Brzozowski said. “It was one of the first versions of a home router that had IPv6 support. … It’s a little concerning. We hoped to see more IPv6 support, not less among [customer premises equipment] vendors.”

A related issue is the throughput and performance of network gear that does support IPv6.

“A lot of devices are starting to support IPv6, but support for IPv6 is very different from a functional parity perspective,” said Danny McPherson, CSO at Verisign, in a recent interview. “We have to invest a lot of capital in [routers] and even the features and capabilities from a performance perspective are much, much lower for IPv6 than for IPv4.”

Verisign, which operates the .com, .net and .gov domains as well as two DNS root servers, has supported IPv6 in its operational infrastructure since 2007. About 1 percent of Verisign’s traffic is IPv6.

“The router operating system is kind of the easy part,” McPherson said. “You’re hard-pressed to find any routers that have parity in IPv4 and IPv6 from a packet forwarding perspective. It gets even uglier when you look at state-based firewalls and load balancers.”

Another issue is that some products that claim IPv6 support don’t support all of the IPv6-related standards, such as Dynamic Host Configuration Protocol for IPv6 (DHCPv6) and Secure Neighbor Discovery (SEND).

Timothy Winters, senior manager of the University of New Hampshire Interoperability Lab (UNH-IOL), said recently that many network products don’t support DHCPv6, which is a key addressing feature for internal networks run by enterprise customers. He also said few operating systems support SEND, which helps protect against malicious IPv6 attacks.

“It’s exactly like Swiss cheese,” Winters said. “IPv6 products are available but they have holes. … You need to find out what’s missing for your network so you can figure out when it’s going to be available or how you can work around it.”